  • 0 Votes
    1 Posts
    0 Views
    rdpsnitch@infosec.exchange
    2026-05-21 RDP #Honeypot IOCs - 468 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs:
    46.63.101.233 - 276
    193.169.194.14 - 57
    111.170.152.113 - 15
    Top ASNs:
    AS51784 - 276
    AS214576 - 57
    AS396982 - 45
    Top Accounts:
    hello - 309
    (empty) - 57
    Test - 30
    Top ISPs:
    X-city Customers and Private - 276
    Berdiev Ruslan Mukhabatovich - 57
    Google LLC - 45
    Top Clients:
    Unknown - 468
    Top Software:
    Unknown - 468
    Top Keyboards:
    Unknown - 468
    Top IP Classification:
    Unknown - 408
    hosting - 48
    hosting & proxy - 12
    Pastebin links with full 24-hr RDP Honeypot IOC Lists:
    Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • 0 Votes
    1 Posts
    0 Views
    rdpsnitch@infosec.exchange
    2026-05-21 RDP #Honeypot IOCs - 312 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs:
    46.63.101.233 - 184
    193.169.194.14 - 38
    111.170.152.113 - 10
    Top ASNs:
    AS51784 - 184
    AS214576 - 38
    AS396982 - 30
    Top Accounts:
    hello - 206
    (empty) - 38
    Test - 20
    Top ISPs:
    X-city Customers and Private - 184
    Berdiev Ruslan Mukhabatovich - 38
    Google LLC - 30
    Top Clients:
    Unknown - 312
    Top Software:
    Unknown - 312
    Top Keyboards:
    Unknown - 312
    Top IP Classification:
    Unknown - 272
    hosting - 32
    hosting & proxy - 8
    Pastebin links with full 24-hr RDP Honeypot IOC Lists:
    Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • 0 Votes
    1 Posts
    0 Views
    rdpsnitch@infosec.exchange
    2026-05-21 RDP #Honeypot IOCs - 156 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs:
    46.63.101.233 - 92
    193.169.194.14 - 19
    111.170.152.113 - 5
    Top ASNs:
    AS51784 - 92
    AS214576 - 19
    AS396982 - 15
    Top Accounts:
    hello - 103
    (empty) - 19
    Test - 10
    Top ISPs:
    X-city Customers and Private - 92
    Berdiev Ruslan Mukhabatovich - 19
    Google LLC - 15
    Top Clients:
    Unknown - 156
    Top Software:
    Unknown - 156
    Top Keyboards:
    Unknown - 156
    Top IP Classification:
    Unknown - 136
    hosting - 16
    hosting & proxy - 4
    Pastebin links with full 24-hr RDP Honeypot IOC Lists:
    Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • 0 Votes
    1 Posts
    0 Views
    rdpsnitch@infosec.exchange
    2026-05-19 RDP #Honeypot IOCs - 420 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs:
    46.63.101.233 - 99
    193.169.194.14 - 63
    124.222.173.104 - 57
    Top ASNs:
    AS51784 - 99
    AS214576 - 63
    AS45090 - 57
    Top Accounts:
    hello - 204
    (empty) - 66
    Test - 36
    Top ISPs:
    X-city Customers and Private - 99
    Berdiev Ruslan Mukhabatovich - 63
    China Internet Network Information Center - 57
    Top Clients:
    Unknown - 420
    Top Software:
    Unknown - 420
    Top Keyboards:
    Unknown - 420
    Top IP Classification:
    Unknown - 303
    hosting - 90
    proxy - 24
    Pastebin links with full 24-hr RDP Honeypot IOC Lists:
    Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • Investigation Scenario 🔎

    Uncategorized investigationpa dfir soc
    1
    0 Votes
    1 Posts
    0 Views
    chrissanders88@infosec.exchange
    Investigation Scenario
    You've discovered a user workstation with the Chrome Remote Desktop plugin installed. There's no business reason for the user to have this plugin, and they don't recall installing it. What do you look for to investigate whether an incident occurred and the extent of its impact?
    #InvestigationPath #DFIR #SOC
  • 0 Votes
    1 Posts
    0 Views
    rdpsnitch@infosec.exchange
    2026-05-08 RDP #Honeypot IOCs - 300 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs:
    46.63.101.233 - 45
    104.248.62.230 - 45
    160.187.146.221 - 30
    Top ASNs:
    AS14061 - 48
    AS51784 - 45
    AS63949 - 42
    Top Accounts:
    hello - 156
    Test - 39
    eltons - 15
    Top ISPs:
    DigitalOcean, LLC - 48
    X-city Customers and Private - 45
    Akamai Technologies, Inc. - 42
    Top Clients:
    Unknown - 300
    Top Software:
    Unknown - 300
    Top Keyboards:
    Unknown - 300
    Top IP Classification:
    Unknown - 153
    hosting - 135
    proxy - 12
    Pastebin links with full 24-hr RDP Honeypot IOC Lists:
    Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • 0 Votes
    1 Posts
    0 Views
    rdpsnitch@infosec.exchange
    2026-05-08 RDP #Honeypot IOCs - 200 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs:
    46.63.101.233 - 30
    104.248.62.230 - 30
    160.187.146.221 - 20
    Top ASNs:
    AS14061 - 32
    AS51784 - 30
    AS63949 - 28
    Top Accounts:
    hello - 104
    Test - 26
    eltons - 10
    Top ISPs:
    DigitalOcean, LLC - 32
    X-city Customers and Private - 30
    Akamai Technologies, Inc. - 28
    Top Clients:
    Unknown - 200
    Top Software:
    Unknown - 200
    Top Keyboards:
    Unknown - 200
    Top IP Classification:
    Unknown - 102
    hosting - 90
    proxy - 8
    Pastebin links with full 24-hr RDP Honeypot IOC Lists:
    Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • 0 Votes
    1 Posts
    0 Views
    scottwilson@infosec.exchange
    “What researchers learned about building an LLM security workflow”
    A brief but really interesting article about the use of #AI #LLMs in a #SOC, discussing how constraints and process guide rails HELP with incident triage. Bonus points: #Suricata mentioned
    https://www.helpnetsecurity.com/2026/05/04/building-llm-security-workflow/